Help save domain privacy

One of the benefits of being a reseller is that your registrar takes on the task of working within the domain name regulatory environment for you. Occasionally, however, pertinent issues arise and it is our job to inform and engage you.

Currently, there is a working group within ICANN responsible for building a regime to accredit domain privacy and proxy service providers. OpenSRS operates such a service and offers it to our reseller channel. We believe that the outcome of this working group could potentially impact our customers and all registrants using any privacy service.

What’s privacy service?

For those who don’t know, it’s possible to look up the registrant information for any domain name. When a person registers a domain name, their contact information is stored in something called the WHOIS database. You can then use a site like whois.icann.org to search this database for any domain name, which will tell you the details behind that domain like the person’s email, phone number and even their home address.

When you enable WHOIS privacy for your domain name, we will swap out all of your personal information in the WHOIS database and instead present our own information. That means that the registrant’s identity is protected.

What’s changing?

Intellectual property interests within ICANN are arguing for a number of problematic changes. First and foremost, it is being proposed that websites that perform transactions for commercial purposes would no longer be able to use privacy services.

This is extremely problematic for a number of reasons: First, the content of websites changes frequently and is often unknown at the time of registration. This means that a domain’s privacy status may need to be changed post registration. It would also require either monitoring or a reporting function to remove privacy for non-compliant domains.

This sort of rule is also ripe for abuse, and will certainly be used to silence free speech and dissent. What happens when a dissident journalist or a women’s shelter is forced to remove privacy because they have a donation button on their websites or when they are simply soliciting support?

There are also proposals that would force your privacy service provider to hand over your registrant’s information to third parties without due process, particularly for copyright or trademark complaints.

How you can help

If you feel as strongly as we do about the issue we encourage you to take action. You can help us prevent this change, and other problematic privacy proposals, in a number of ways:

1. Visit savedomainprivacy.org to learn more and sign the petition;
2. Share the above site with your customers who use privacy services;
3. Share the site on social media;
4. Consider filing your own public comment to ICANN. This is as easy as sending your thoughts in an email to: comments-ppsai-initial-05may15@icann.org

Feel free to reach out to us at OpenSRS if you want more information. Background and details may be found above at savedomainprivacy.org or at the ICANN site for the proposal.

14 thoughts on “Help save domain privacy”

It seems to me that if OpenSRS were actually concerned about privacy, this service would be free. As it is, you’re simply trying to protect a profit stream — Now that that’s commendable from a business perspective, perhaps it’s not entirely honest to suggest that this will hurt dissidents, women’s shelters and similar, without mentioning your bottom line.

Based on the information presented in this posting, I can’t help but applaud the ICANN initiative. Obscured WHOIS has been a scourge for many years, since the day the practice took hold.

In my opinion, all WHOIS should be public and accurate for all domains all the time. If a party wishes to remain anonymous, why not hire the services of an intermediary (i.e., publish under a third party’s domain)?

The posting makes a couple of unconvincing arguments:

“First, the content of websites changes frequently and is often unknown at the time of registration. This means that a domain’s privacy status may need to be changed post registration”—so what? Updating WHOIS is trivial. Often people move, or the admin contact changes, or whatever. How would this be any different?

I think more and more, I’m starting to agree. Also, if I read the proposal correctly, this only applies to commercial establishments. Dissidents could still be private, unless they’re selling something.

A women’s shelter is already an established business entity, with registered paperwork for the business, the domain could use the same physical address that is already published.

In short, more and more, this seems like a step forward, except for those profiting from publishing fake information.

I believe that domain ownership should be transparent. Some responsibility and accountability ought to be associated with domain name ownership – where ownership is a misnomer in itself. Disclosing who owns a domain has nothing to do whatsoever with free speech. One caveat though. Domain name owners ought to be able to keep private his/her email address. We all know what happens with public email addresses. One can always use a PO Box if keeping a home address undisclosed, but we should have a right and a way to contact a domain owner.

I’d like email addresses to be published as well, however, owing to the state of spammers today I would allow registrars to have a customer-domain.example@registrar.example forwarder rather than publishing the real address.

There are just too many times when it’s difficult or impossible to reach out to a domain’s owner, but since email addresses are the one and only field that are verified and guaranteed to be deliverable and (to some degree) valid, it’s critical that they be available in some fashion.

Oh totally, I agree the mailing address should always be visible — I’m just saying that I understand the desire to not publish real email addresses (sort of. Actually not really, spammers will get your address soon enough anyway, and once you’re any larger than 1-2 people, you should learn what a roll address is and use one instead of a personal address anyway)

I agree, this article makes this privacy initiative look like a bad thing, and I disagree with the general statements made in this post. They sound like the work of an inexperienced shill, border on fear-mongering, and frankly, smell of desperation. I look at CIRA’s model for this, which does not even allow Companies to use WHOIS privacy on .CA domains. I think transparency leads to less overall abuse. Of course there are cons (WHOIS data harvesting), but the pros outweigh the cons.

First, I don’t think there’s anything contradictory about both caring about privacy and having it as a part of our business. These are not oppositional goals.

To get a sense of where I am coming from: I tend to think of WHOIS as anachronistic and unnecessary. It seems absurd to me that I could buy a car or a gun, and not need to have my personal information published in a public database, but that if I buy a $10 domain the world would have a right to know where I live.

More importantly, domains are absolutely free speech. The string itself is expression, as is the website the domain enables and we need to be extremely careful when proposing changes that may inhibit that expression or may induce a chilling effect. The internet would be a much worse place if people couldn’t create and express anonymously. Part of that creation process is also having control, which is why forcing those who wish to create anonymously to use someone else’s domain is more than unsatisfactory.

If you disagree that domains and privacy are integral to free speech, then it seems unlikely that the gulf between our positions can be crossed. The link between them is fundamental to the way we approach protecting our registrants at Tucows.

We also need to make sure that we create and sustain an internet for everyone. Where it’s easy and safe to have an idea, register a domain and express yourself. Ensuring domain privacy is available to everyone is a key part of that process.

Now that you raise the point, it seems rather absurd to me too that I could buy a car or a gun and not need to have my personal information published in a public database. Those registries should also be of the public record. Similar to domain “ownership”, the responsible party should be identifiable.

Your characterization of a domain name itself representing an act of free speech (which should implicitly be protected against interference, I guess?) also seems a bit theatrical, in my opinion.

You wrote: “The internet would be a much worse place if people couldn’t create and express anonymously.” The internet is a network of machines, not a place, and its ability to transmit expression amongst those machines is completely unencumbered by the publication of a domain name registrant’s identity.

You wrote: “Part of that creation process is also having control, which is why forcing those who wish to create anonymously to use someone else’s domain is more than unsatisfactory.” This is a red herring. Control and dependency are issues at every transaction (e.g. writing, design, editing, software, server hardware, electricity, taxation, licensing and rights, etc.). A DNS domain name is merely one of hundreds of elements that pertain to exchanging information on the internet.

With regard to your closing paragraph: I agree with the first two sentences, and completely disagree with the third. (I don’t feel that you’ve yet convincingly made the case.)

I’m pretty sure you can tell the difference between a turn of phrase and a literal definition. To ignore the meaning of Graeme’s entire sentence and redirect with a pedantic evasion was pretty silly. It makes me think that you don’t really have a response to the issue actually raised. Considering the havoc that doxing already causes in the lives of people who take a stand on controversial topics, do you really think that making it a matter of a five-second web search to enable that kind of harassment is a good thing?

In response to criminal activity, it is already possible to get through the obfuscation of domain privacy using legal means. Why do you think it should be easy to find real-world information on *everyone* who registers a domain? What benefit do you see for the public? Do you honestly believe that this would *not* increase harassment of certain domain owners?

Luckily, we’re not talking about every domain registration, only domains used to conduct commercial transactions. Businesses are already publicly listed entities, mirroring that information in WHOIS should be harmless. Domains not engaging in commercial transactions don’t seem to be impacted.

Hmm… I don’t know about that. I’ve seen plenty of people solicit donations who would rather their personal information not be posted publicly. If I’m not afraid to take my chances with them, why let paranoia about how we *might* get ripped off cause us to implement policies that will make many of them just go away?

The problem this policy is ostensibly intended to address is mostly imaginary, and it would be an ineffective solution against actual criminal intent. I ask again, what public benefit do you see from this? How would this policy effectively solve any real problems?

Of course, I’m going entirely on summaries of what the policy says. If there is language in place that would prevent it from being used against private citizens with PayPal buttons on their site, I’d have less of an objection. I’d still object, but that’s because I don’t share the trendy idea that everything should be public information (unless you know how to hide it.)